The Canadian Internet Registration Authority (“CIRA”) takes security seriously. If you believe you have discovered a security vulnerability in CIRA’s products or services, we would appreciate you disclosing it to CIRA.
Please contact us at firstname.lastname@example.org and provide as much information as possible, including:
- Products and/or services affected.
- A description of the technical details of the vulnerability.
- An explanation of how the vulnerability may be exploited.
- Whether this vulnerability is public or known to third parties. If it is, please provide details.
Once we receive your correspondence, we will investigate your reported issue to validate the findings. A member of CIRA’s security team will contact you in a timely manner. If the vulnerability is confirmed, we will notify you when it has been fixed.
We greatly appreciate the efforts of researchers who share information on security issues, giving us an opportunity to improve the overall security of our product and service offerings.